Judge Orders Yahoo to Explain How It Recovered ‘Deleted’ Emails in Drugs Case

motherboard.vice.com

103 points by alternize 9 years ago · 80 comments

codemogul 9 years ago

Relevant and coincidental personal anecdote: 10 years ago I caught my ex-wife in an affair as she was using this same method to communicate with her lover. Her choice of email address for the shared account raised alarms on my firewall, so it was a simple matter to track to her machine. While she had gone to similar trouble to delete all records on Yahoo (coincidentally), she had been browsing with IE which, due to some off-line setting, was caching locally all of the pages she had written. It was simply a matter of laying hands on her laptop and downloading all of that cache to expose the ruse.

I cannot find the article, but I believe this method of sharing access to one e-mail account to many parties was one of the comms methods employed by the 9/11 terrorists, pioneered by Colombian drug lords.

  • keketi 9 years ago

    David Petraeus and his mistress were using the same trick: https://www.washingtonpost.com/news/worldviews/wp/2012/11/12...

    • 616c 9 years ago

      I was recently bored and watched, after years of avoiding it, The Traitor (2008), with Don Cheadle as a terrorist ... or not so-terrorist. The movie was pretty bad (there's the real spoiler!).

      In that movie, which I just checked the date for, seems like one of the first pop references to the idea of sharing email drafts in a free email account without sending anything.

      https://www.washingtonpost.com/news/worldviews/wp/2012/11/12...

      Now, can someone prove me one better and find where this idea got traction? I honestly laughed watching that movie, wondering if Petraeus watched it years earlier, and thought to himself, I wonder if this will work in real life ...

      UPDATE: I could, gee, also try RTFWPA! It refers to 2005 reports of AQ using the same tactic, you know, where probably he got it from.

      Or he got it from the movie, which would make me die in a fit of laughter!

      • Tobold 9 years ago

        I enjoyed that movie, the ending made me laugh so hard!

        Note that that doesn't mean it's GOOD.

        • 616c 9 years ago

          Thank Allah I am not the only one.

          Oh crap, mission compromised! SIGABRT! Wait, is everyone in this room part of the hacker cell? Are we all hacking each other? Haha.

          (Honestly, what disturbs me the most is that, yet another spoiler, he puts all these suicide bombers on a bus to detonate themselves. And they never mention the bus driver who dies as part of this ruse. Not even does Don Cheadle seem to care about this guy! I found that pretty disappointing. I think that is just the underappreciated IT guy talking.)

  • jacquesm 9 years ago

    Funny, I've run the mail server of our family for quite a while and it would never enter my head to read someone else's email.

    • cloudjacker 9 years ago

      the mail server? how do you avoid being put in the spam bin of every email provider ever?

      seems like it would have been a hassle to deal with for the last 15 years

      • jacquesm 9 years ago

        It may be strange to you but running a mailserver was pretty normal back in the day and even now I see nothing wrong with it. In fact, I see a lot wrong in having just a few email service providers that get to dictate terms. There is arguably something wrong with how hard it is to properly set up and secure a mail server, but the concept of running your own mailserver is no different than running your own HTTP(S) server.

        • blfr 9 years ago

          It is somewhat different because you need to convince other mail servers to cooperate with yours whereas the HTTPS server works directly with clients (browsers) and may function completely independently.

          • gcr 9 years ago

            I run my own mail server. It's simple enough to set up SPF in your DNS records to avoid landing in Gmail's spam, at least. Not sure about other providers. I send so little mail that I'm basically background noise.

            • seanp2k2 9 years ago

              It also matters if you host it at a reputable place (DO or AWS or Linode work) and if you want it easy, just wire up your mail server to a transactional email service or smtp.google.com:

              https://zapier.com/learn/ultimate-guide-to-email-marketing-a...

              It's possible to configure DKIM and SPF and your server correctly, and hopefully stay off blacklists, but if inbox deliverability really matters to you, a [no-cost] plan with a Mandrill or MailGun service should do well for you. It's what I use to have home servers and IoT things send me email, to gmail, and I never have deliverability issues.

        • cloudjacker 9 years ago

          it's not strange to me that it was done, just that you or anyone was attempting to do it, for their family no less, in the last 15 years.

      • quotemstr 9 years ago

        I've been running my own mail server for years; it's on a linode VPS. I've had zero problems with my outgoing messages being blocked. I don't even bother with inbound filtering: spam is much less a problem these days than it was ten years ago.

        Of course, I've configured my server to properly sign email, publish SPF records, and so on. My server may be small, but god damn it, it's top notch.

        • _delirium 9 years ago

          Maybe I'm unlucky, but I get a pretty high volume of incoming spam on my mailserver. However about 99% of it originates from machines that are on essentially all the blacklists, so it's fairly easy to reject it in the SMTP session with a conservative DNSBL check, without getting into spamassassin-style content filtering (I also prefer rejecting in the SMTP session, because on the off chance that there was a false positive, the sender at least gets notified of the non-delivery, instead of their mail being silently eaten).

          I agree that outgoing deliverability isn't really a problem for me either. I do have DKIM and SPF set up. I also am a fairly low-volume message source. I think self-hosting is more tricky if you're emitting large volumes of mail, like transactional emails for a business. But as a personal email server it's been fine for me.
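
An added example (not part of the original comments) of the conservative in-session DNSBL check described above: reject with a 5xx reply only when several lists agree, and never reject because a list timed out. The zone names, the injected `resolve` callable, the two-list threshold and the sample answers are assumptions constructed for illustration.

```python
import ipaddress

# Hypothetical zone names for this example; use the lists you subscribe to.
ZONES = ("dnsbl-a.example", "dnsbl-b.example", "dnsbl-c.example")
LISTED = ipaddress.ip_network("127.0.0.0/8")
# Some list operators reserve 127.255.255.0/24 for error replies (for
# example a refused resolver); those are not listings.
ERRORS = ipaddress.ip_network("127.255.255.0/24")

def dnsbl_name(client_ip, zone):
    """Build the query name: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone

def is_listing(answer):
    """Only answers inside 127.0.0.0/8 (minus error codes) mean 'listed'."""
    ip = ipaddress.ip_address(answer)
    return ip in LISTED and ip not in ERRORS

def smtp_verdict(client_ip, resolve, zones=ZONES, min_hits=2):
    """Return (code, text) for the SMTP session; resolve(name) -> A records."""
    hits = []
    for zone in zones:
        try:
            answers = resolve(dnsbl_name(client_ip, zone))
        except OSError:
            continue  # list unreachable: fail open, never reject on a timeout
        if any(is_listing(a) for a in answers):
            hits.append(zone)
    if len(hits) >= min_hits:
        # A 5xx reply in-session lets the sending server notify the author.
        return 554, "5.7.1 %s rejected, listed by %s" % (client_ip, ", ".join(hits))
    return 250, "2.0.0 OK"

# Constructed sample data standing in for DNS answers.
SAMPLE_ANSWERS = {
    "10.2.0.192.dnsbl-a.example": ["127.0.0.2"],
    "10.2.0.192.dnsbl-b.example": ["127.0.0.4"],
    "7.100.51.198.dnsbl-a.example": ["127.0.0.2"],       # one list only
    "9.113.0.203.dnsbl-a.example": ["127.255.255.254"],  # error code
    "9.113.0.203.dnsbl-b.example": ["198.51.100.1"],     # not a 127/8 answer
}

def sample_resolve(name):
    if name.endswith(".dnsbl-c.example"):
        raise OSError("constructed timeout")
    return SAMPLE_ANSWERS.get(name, [])  # [] models NXDOMAIN (not listed)

def demo():
    return [smtp_verdict(ip, sample_resolve)[0]
            for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.9")]
```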

        • CaptSpify 9 years ago

          Same. I never have any problems. There's even websites that will look at your domain to see if you end up on any blacklists, or if you have any public-facing misconfiguration. Easy to set it up once, and forget about it.

      • cs2818 9 years ago

        I also maintain my family's mail server and haven't run into any issues sending to other providers. I assume it's because the system is kept up to date, secure, and follows recommended standards.

  • pbhjpbhj 9 years ago

    I wonder if this would now technically be an offence under the Computer Misuse Act (CMA) as presumably she didn't give you authorisation to access her laptop?

    • HarryHirsch 9 years ago

      Diary-reading was bad form even before. If you want your adolescent child to never ever trust you again for the rest of their life, go read their diary.

    • kevin_thibedeau 9 years ago

      Spouses share communal property. Hard to argue that your husband can't be allowed to use a common resource of the household.

      • pbhjpbhj 9 years ago

        It probably is hard to argue, but that's what lawyers love isn't it??

        He described it as "her laptop", there's a clear demarcation of ownership. I just wonder if those ownership laws of the physical property would overshadow the unauthorised access to material parts of UK's CMA (and its ilk depending on your jurisdiction). AFAIR it just says unauthorised access nothing about 'of a system not owned by the accused'; indeed there was a case (Court of Appeal case at bottom of http://www.computerevidence.co.uk/Cases/CMA.htm) specifying that it was unlawful access to data on any computer (ie including the one you're entitled to access).

        It might serve to consider if your wife had secretly taken lewd pictures that wouldn't give you, as spouse, entitlement [eg because you owned the computer] to access them without her permission.

        Just because one owns the computer system doesn't mean one owns, nor has a right of access to, the data. That's quite clear in many areas.

        • colejohnson66 9 years ago

          Well, when you're a teenager, your parents probably own your car, despite it being "your car". Just because they say it's "your car" doesn't mean it isn't legally theirs. Not to mention, in America, the majority of marriages have communal property. Just because your wife buys it, it's still yours; it's just extremely rude to "open" without permission.

          • erroneousfunk 9 years ago

            Okay, I'm a married woman, and at my previous employer, we were given desktops, which meant we had to use a personal laptop if we wanted to work from home, or check our email out of the office. Totally legal, not a problem.

            So, what happens if my husband decides that my laptop is also his laptop, and uses it to access company servers, accounts, and databases? I signed an NDA, he hasn't. Now he has access to intellectual property and trade secrets, he decides to go to a competitor and sell them for the highest price.

            Fortunately, the ECPA exists, so even if my security practices were as terrible as the above scenario implies, I'd still have some legal protections.

            If I've told him "this is my computer, you're not allowed to access it" and he did, that would violate the ECPA. If I protected it with an easy-to-guess password and he guessed it, that would violate the ECPA. If I had an unprotected computer, and let him use it, but he installed a keylogger to get work passwords, that would violate the ECPA. If I let him access my machine and he uses auto-fill stored passwords in a browser to log into my work email, that's also an ECPA violation.

            Not only does this apply to husbands and spouses, but also parents and children.

            In addition, the separate/community property laws vary from state to state, and most states allow for common-sense separate property laws within marriage. In most states, my spouse can't use a computer given only to me, or a computer I had before we got married, or a computer I purchased with my own separate assets (what constitutes a "separate asset" is a huge discussion, but you get the idea). You can make a written agreement that "this is separate property" and even if you didn't do that, it would likely be a strong argument in court that an unwritten "separate property" agreement exists for a particular machine, in certain circumstances.

            "Just because your wife buys it, it's still yours" is absolutely not an ironclad rule.

      • Oletros 9 years ago

        Why do you assume it is communal and not property of one of them?

        • PhantomGremlin 9 years ago

          In the USA a number of states are de jure community property states. In those states, assets acquired in marriage, and appreciation in value of assets owned before marriage are both considered to belong equally to both spouses.

          Many other states are de facto community property states. There is often some sort of "equitable" division of assets in a divorce. In practical terms this often appears quite similar to the de jure states.

          One of my favorite quips was from Tom Arnold, during his second divorce. He said something like "she wants half of half of Roseanne's money".

          • Oletros 9 years ago

            Thanks for the explanation.

            Can the members of the marriage (spouses?) change that?

            Here in Spain some autonomous communities (like the states in USA) have community property as default and some others have asset separation as default, but when one gets married one can decide which one to use.

            • x0x0 9 years ago

              You can get a prenuptial agreement (prenup), but which laws you are allowed to override varies by state, duration of the marriage, the whims of the divorce court, and how diligent you are about keeping assets separate during the marriage. You're probably better off spending your energy on avoiding marrying the wrong person...

  • gerdesj 9 years ago

    "Her choice of email address for the shared account raised alarms on my firewall"

    That's a pretty serious firewall you have there. Assuming that s/he was not using encrypted smtp and imap or pop, then you still have a L7 filter that reads and logs email addresses and alarms on them. Now it is unlikely (to me) that you would have a whitelist of acceptable email addresses with which to alarm. I can think of a few other things you might have done to trigger alarms and all of them are pretty distasteful.

    So I will conclude you simply violated her civil rights and spied on her.

    I feel sorrow for you, genuinely, that you have had a relationship problem but I suspect that it would have been easier to find out what was going on in the various old fashioned ways, rather than farting around with IT and being a bit creepy.

    • colejohnson66 9 years ago

      You don't have to save the messages. You just need to look at the logs. If you had traffic to/from mail.google.com, no problem. But if you have traffic /to/ ashleymadison.com or whatever, that's suspicious

  • brunoqc 9 years ago

    > Her choice of email address for the shared account raised alarms on my firewall

    What does that even mean?

    • satysin 9 years ago

      I would assume he means it wasn't one of the big players such as Gmail or Outlook so when he saw traffic to mail.ru or whatever service it was it looked suspicious to his normal traffic profile.

    • fencepost 9 years ago

      > bobbyandsue@example.com

      "but my name's Jim...."

    • alexandrerond 9 years ago

      Not really unhappy that someone cheats on a husband who keeps tabs on family internet habits (to the point of analyzing http traffic destinations) and then has no reticence about running forensics on his wife's computer.

  • dpark 9 years ago

    I have trouble understanding why people go through such lengths to maintain a hidden affair. If you've decided to have a long-term relationship with the new person, why not just file for divorce instead of going through ridiculous lengths to hide your new relationship? It seems like a lot of trouble, plus it makes it very clear that you're a terrible person when it's discovered.

    Please forgive my nosy question, but was she financially dependent on you or was there some other reason for her to maintain the marriage?

    • DanBC 9 years ago

      Affairs aren't about leaving your current partner and starting with someone new. The point of many affairs is the keeping it hidden stuff which adds to the excitement.

      • dpark 9 years ago

        Fair enough. That jibes with my belief that anyone engaging in a long term affair is basically just a terrible human being, though. I'd like to believe that there is some way that people having affairs aren't necessarily horrible, but I can't see how anyone could get their thrills at the direct expense of the person they swore to love forever and not just be a horrible human.

        • brokenmachine 9 years ago

          Maybe they're just not thinking about the other person's feelings.

          The fact they are actively trying to hide it could also be because they are trying not to hurt them.

          It's hard to argue that they are getting thrills at the direct expense of an unknowing party, if they don't get caught. Of course, just putting the one you're supposed to be in love with at the risk of hurt is fairly horrible.

          The cynic in me also just doesn't think it's sane to expect that an oath to love forever could be relied upon anyway, and the statistics do bear this out.

          • dpark 9 years ago

            > The fact they are actively trying to hide it could also be because they are trying not to hurt them.

            Eh, kind of doubt it. Most people would rather have their partner break up than cheat on them. It's considerably less hurtful to just leave someone than to carry on a hidden affair.

            > The cynic in me also just doesn't think it's sane to expect that an oath to love forever could be relied upon anyway, and the statistics do bear this out.

            I guess the optimist in me believes that if a partner is no longer in love and no longer interested in trying, they should break up rather than cheat. Similarly, I believe a business partner who no longer wants to be involved in the business should sell off their shares rather than purposely tanking the business.

            • brokenmachine 9 years ago

              > It's considerably less hurtful to just leave someone than to carry on a hidden affair.

              Not if nobody finds out about the hidden affair. But yes, it's a douchey thing to do.

              > I guess the optimist in me believes that if a partner is no longer in love and no longer interested in trying, they should break up rather than cheat.

              That doesn't sound terribly optimistic to me, optimistic IMO would be believing that a vow for love forever might have a chance of working.

          • sangnoir 9 years ago

            > It's hard to argue that they are getting thrills at the direct expense of an unknowing party, if they don't get caught.

            "It is only bad if you get caught" is an absurd justification for anything. Is it okay for me to break in and stay in your home while you are away, if you don't find out?

    • danieltillett 9 years ago

      Some people like to have their cake and eat it.

  • beachstartup 9 years ago

    i'm curious... what was her reaction when you recovered the data?

  • cloudjacker 9 years ago

    TOTALLYNOTCHEATING@YAHOO.COM

pliny 9 years ago

Here's a thought: what if 'Yahoo gives FBI snapshots' is actually parallel construction, but Yahoo are not allowed (under PATRIOT or whatever) to admit the extent of their cooperation with three letter agencies (for instance, that they hand over everything they see without requests being made). Do they have to refuse to comply with the court?

  • anonymousab 9 years ago

    There is likely leeway for them, or the government, to address the judge in private and get this all dismissed.

    Or perhaps some immunity to any results.

    • tobylane 9 years ago

      In that case I'm surprised the judges are permitted to ask this sort of question in public, it creates a warrant canary.

resoluteteeth 9 years ago

The idea that Yahoo is covering for a government surveillance program is entertaining, but it hardly seems difficult to believe that they aren't actually deleting what they say they are deleting. Of course, keeping copies of everything forever in violation of their own policy is not exactly going to make law enforcement unhappy.

I suspect that Yahoo and other companies haven't yet taken the issue of failing to delete data that should be deleted as seriously as that of losing data that shouldn't be deleted, but this has the potential to become a significant privacy issue.

HarryHirsch 9 years ago

Data retention is negotiated and spelled out in detail in NDAs for contract research organizations. It's easy to delete data from servers once a project is done, but the backup tapes also have copies. You can't throw the tapes out, because the company needs them, hence there are agreements on what happens to the data and tapes, and nowadays these are standard practice.

This is a solved problem in the real world, but some companies would have us think it's the Wild West, when in fact it isn't.

  • TechnicalVault 9 years ago

    The solution with backup tapes is obvious, you encrypt the files on the tapes with session keys and encrypt a copy of the session key with a client/project or project key stored on a separate random access medium. When the project needs to be deleted you destroy the key for that project, job done. The most difficult bit is enforcing the proper ownership and location of files so that you know which ones belong to which project. More complicated schemes can allow files to be shared between projects but the basic principle remains the same.
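
An added example (not part of the original comment) of the scheme described above: each file gets its own session key, the session key is wrapped under a per-project key kept off the tape, and destroying the project key makes that project's tape records unreadable. `KeyStore`, `Tape` and the sample files are hypothetical, and the cipher is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import secrets

# Stand-in authenticated cipher built from the standard library only
# (SHA-256 keystream + HMAC tag). Assumption for this example: a real
# deployment would use a vetted AEAD such as AES-GCM instead.
def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(enc_key, nonce, data):
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(enc_key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or corrupted record")
    return _xor_stream(enc_key, nonce, ct)

class KeyStore:
    """Per-project keys, held on a small rewritable medium, never on tape."""
    def __init__(self):
        self._keys = {}
    def key_for(self, project, create=False):
        if create and project not in self._keys:
            self._keys[project] = secrets.token_bytes(32)
        return self._keys[project]          # KeyError once destroyed
    def destroy(self, project):
        # Every copy of this key (including backups of the key store)
        # must be destroyed for the deletion to hold.
        self._keys.pop(project, None)

class Tape:
    """Append-only backup medium: records cannot be removed individually."""
    def __init__(self):
        self.records = []
    def backup(self, keys, project, name, data):
        session_key = secrets.token_bytes(32)      # fresh key per file
        self.records.append({
            "project": project, "name": name,
            "wrapped_key": seal(keys.key_for(project, create=True), session_key),
            "ciphertext": seal(session_key, data),
        })
    def restore(self, keys, name):
        rec = next(r for r in self.records if r["name"] == name)
        session_key = unseal(keys.key_for(rec["project"]), rec["wrapped_key"])
        return unseal(session_key, rec["ciphertext"])

def demo():
    keys, tape = KeyStore(), Tape()
    # Constructed sample files for two projects.
    tape.backup(keys, "alpha", "alpha/report.txt", b"alpha trial results")
    tape.backup(keys, "beta", "beta/notes.txt", b"beta lab notes")
    keys.destroy("alpha")                           # project alpha "deleted"
    try:
        alpha = tape.restore(keys, "alpha/report.txt")
    except KeyError:
        alpha = None                                # ciphertext remains, key is gone
    return alpha, tape.restore(keys, "beta/notes.txt"), len(tape.records)
```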

    • rbobby 9 years ago

      But what about the backups of where the encrypted session keys are kept? Wouldn't this be a "backups all the way down" situation?

      • oakwhiz 9 years ago

        Backups of keys are a lot smaller and fit on USB flash drives and CDs. So in practice keeping encrypted backups with multiple keys is easier to deal with.

  • greenyoda 9 years ago

    But an NDA can't prevent a company from turning over their backup data to the authorities when presented with a legitimate warrant from a court.

    • HarryHirsch 9 years ago

      At least you know what documents are retained, and in what form, and for how long, and you can plan around that. With all these free services you can only assume the worst.

falcolas 9 years ago

I'm curious if there will be blowback on Internet email companies if it turns out the emails were not deleted, just archived away from user's access.

  • gaius 9 years ago

    If you ever see an auto-complete feature on a website, it's probable that that website is logging every keystroke. If you type "thermal detonators" into Google, but never actually click the button, it's still flagged up aboard the Imperial Command Ship.

    • Kenji 9 years ago

      I once read an article about Facebook even reporting back to the mothership messages that you typed out but did not actually send because you changed your mind. Never forget: The website owns the window you're operating in (if there's JavaScript), not just requests you send by clicking <a> links.

  • colejohnson66 9 years ago

    Doubt it. Remember the NSA "scandal" that lasted a few months before people went back to not caring? Remember Kony 2012? North Korea's human rights violations? You'll never fix the problems in America until you fix the horrifically apathetic attitude of Americans.

IgorPartola 9 years ago

Aren't backups basically a guarantee that you can never ever delete anything from anyone's server? Even if you hit delete on an email/post/photo/etc. if they made a backup before then, your data will now forever live on in some vault or maybe just Amazon Glacier. I can't imagine that Yahoo would go and retroactively remove your email from their backup tapes/optical discs/offline hard drives/clay tablets that they use.

  • scoot 9 years ago

    The nearest thing to a "standard" for retention of operational backups is 30-60 days. For organisations retaining backups as part of some ill-conceived archive, 7 years is typical; for organisations retaining backups under legal hold, or whose backup process is out of control, indefinite retention is not unheard of.

    So while it's possible that backups mean you can never be entirely certain your deleted data will stay deleted, it's most certainly not guaranteed.

    In Europe, the recently enacted General Data Protection Regulations "GDPR" which will come into force in 2018 will in theory require organisations to ensure that personal information is removed in an appropriate timeframe - this would include disposing of backups, or where data is comingled, ensuring at a granular level that data is blacklisted for restore.

    It remains to be seen how practical that will be, so moving to retentions appropriate for operational restore may be the more sensible solution.

lox 9 years ago

I could imagine drafts have much less diligent deletion policies vs sent emails. Auto-save mechanisms typically keep a long history of diffs, or whole versions.

catfood 9 years ago

UPDATE email SET deleted = 1 WHERE uuid = '3b431dc020cc404b8bbea290e91b9865';
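
An added example (not part of the original comment) of what a soft-delete flag like the one above means in practice: the row disappears from the user's view but stays readable to the operator until a separate purge job hard-deletes it. The `email`, `uuid` and `deleted` names come from the statement above; the other columns, the 30-day retention window and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

def make_store():
    db = sqlite3.connect(":memory:")
    # `email`, `uuid` and `deleted` come from the statement above; the other
    # columns are assumptions made for this example.
    db.execute("""CREATE TABLE email (
        uuid TEXT PRIMARY KEY, body TEXT NOT NULL,
        deleted INTEGER NOT NULL DEFAULT 0, deleted_at INTEGER)""")
    # Overwrite freed pages with zeros so purged rows do not linger in the file.
    db.execute("PRAGMA secure_delete = ON")
    return db

def user_view(db):
    """What the mailbox UI shows: rows not flagged as deleted."""
    return [b for (b,) in db.execute(
        "SELECT body FROM email WHERE deleted = 0 ORDER BY uuid")]

def operator_view(db):
    """What anyone with database access can still read."""
    return [b for (b,) in db.execute("SELECT body FROM email ORDER BY uuid")]

def soft_delete(db, uuid, now):
    db.execute("UPDATE email SET deleted = 1, deleted_at = ? WHERE uuid = ?",
               (now, uuid))

def purge(db, now, retention):
    """Hard-delete rows flagged longer ago than the retention window (seconds)."""
    cur = db.execute("DELETE FROM email WHERE deleted = 1 AND deleted_at <= ?",
                     (now - retention,))
    return cur.rowcount

def demo():
    db = make_store()
    db.executemany("INSERT INTO email (uuid, body) VALUES (?, ?)",
                   [("u1", "draft one"), ("u2", "draft two")])  # constructed rows
    soft_delete(db, "u1", now=1000)
    after_delete = (user_view(db), operator_view(db))
    early = purge(db, now=1000 + 3600, retention=30 * 86400)
    late = purge(db, now=1000 + 31 * 86400, retention=30 * 86400)
    return after_delete, early, late, operator_view(db)
```

Backups and snapshots taken before the purge still contain the row, so the purge only bounds retention in the live store.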

geggam 9 years ago

Farm model replicated across regions backed by filers taking snapshots of the entire farm.

* my speculation

perseusprime11 9 years ago

Is anything ever deleted?
